A framework for investigating, assessing, understanding, and controlling the information security and privacy risks in BYOD environments
Bello, Abubakar (2015) A framework for investigating, assessing, understanding, and controlling the information security and privacy risks in BYOD environments. Professional Doctorate thesis, Murdoch University.
In a world where the consumerisation of IT has driven individuals to acquire and use the latest technologies, an influx of personally owned devices has populated corporate environments. This phenomenon is known as BYOD. Factors that have led to the growing popularity of BYOD include the perceived benefits of work flexibility, increased productivity and efficiency of employees. Since BYOD allows employees to access organisational data anytime, anywhere, it is necessary to ensure the confidentiality and integrity of organisational information resources and assets: this task has become increasingly complex with the phenomenon of BYOD.
The motivation for this research stems from the security and privacy concerns raised in BYOD literature, as well as the perceived lack of effective BYOD management in organisations. The information security and privacy risks inherent to BYOD can impact organisational resources, making confidentiality, integrity, availability, and accountability difficult to achieve.
With most BYOD solutions at present failing to meet the requirement for holistic management, this research investigates and proposes a solution for how effective information security and privacy can be achieved in BYOD environments.
The methodology used in this research was qualitative, applying a case study approach. Through interviews and web-based questionnaires, data on BYOD perception and usage patterns, BYOD support and management, and BYOD information security and privacy knowledge in organisations were collected.
The evidence from the data of three case studies suggests that organisations lack adequate knowledge of BYOD risks, of how to implement appropriate controls, and of how to strike the correct balance between security and privacy to minimise user experience deficiencies. Additionally, organisations may apply only technical controls to manage BYOD, disregarding non-technical measures like policies and procedures.
Based on the study findings, the demand for a holistic solution framework was identified, and such a framework is proposed. The solution framework is strategic in that it enables organisations to effectively manage BYOD and balance the trade-off between security and privacy in BYOD environments. Moreover, this study assists in addressing security and privacy issues in the broader IT discipline, as well as BYOD.
|Publication Type:|Thesis (Professional Doctorate)|
|Murdoch Affiliation:|School of Engineering and Information Technology|
|Supervisor:|Armarego, Jocelyn and Murray, David|